Shodan
Vulnerabilities
Vulnerable Software
Freeradius:  >> Freeradius  >> 3.0.0  Security Vulnerabilities
CVE-2017-10984
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.278
Published
2017-07-17
CVE-2017-10985
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
CVSS Score
7.5
EPSS Score
0.02
Published
2017-07-17
CVE-2017-10986
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
CVSS Score
7.5
EPSS Score
0.015
Published
2017-07-17
CVE-2017-10987
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-07-17
CVE-2017-9148
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
CVSS Score
9.8
EPSS Score
0.012
Published
2017-05-29
CVE-2015-4680
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-05
CVE-2015-8762
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
CVSS Score
5.9
EPSS Score
0.005
Published
2017-03-27
CVE-2015-8763
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
CVSS Score
8.1
EPSS Score
0.005
Published
2017-03-27
CVE-2015-8764
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
CVSS Score
8.1
EPSS Score
0.005
Published
2017-03-27
CVE-2014-2015
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
CVSS Score
7.5
EPSS Score
0.009
Published
2014-11-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved